04 April 2006 | 10,465 views

The Tale of a Real Malaysian E-mail Spammer Exposed – Webflexx

Check Your Web Security with Acunetix

So a friend of mine received a spam, which is not unusual, but this one was a little different.

This guy is in Malaysia, and the spam he usually receives is from all over the place, mostly US-centric, but this one was targeting Malaysians, Malaysian spammer producing Malaysian spam, is it the first?

I asked for him to forward the mail to me so I could check it out, pretty standard spam.

Malaysian Spam

I then noticed Thunderbird was blocking some external images so I checked the source of the e-mail (The from address was pretty anonymous “eMarketer in Malaysia” dx8@tm.net.my).

Thunderbird Image Block

The source indeed revealed the location of the imbedded images:

Webflexx Spammer

http://www.webflexx.com/meng/wfx/

Fee Structure
RM288 – 150,000 emails (one day trial)
RM388 – 500,000 emails
RM688 – 1,000,000 emails
RM1376 – 2,000,000 emails
RM2064 – 3,000,000 emails + 1,000,000 emails FREE + ad design FREE!!

Reply with your contact number. Or call Ms Meng 012-205 1591 or Mr Lim 012- 302 3899

It seems this company webflexx does offer spamming services:

Direct E-mail Marketing

“direct email marketing” another term for spam right?

Notice the subdirectory of the spammer is /meng and the registrant of the webflexx domain is also an Ong Meng Foong, no coincidence right?

Webflexx Registration

24-2 Plaza Damansara Jalan Medan Setia 2,
Bukit Damansara,
KL,50490
MY
Tel. +603.22835898

Going up one directory allowed me to browse the /meng directory, quite a nice collection of stuff.

/meng Directory

Browsing through the /meng directory I also found a screenshot of a personal ‘blog’ from Meng Foong.

Meng Foong Blog

Now whilst I couldn’t quite make out the text of the URL I could see the name “Meng’s Fickle Rambling Sessions”, which I of course Googled and found his blog, you can have a read here:

http://omengos.blogspot.com/

Seems like a nice Christian boy…from his blog I also found his Flickr Page (Inactive) and his old Xanga page.

From browsing the sub-directories it seems his clients are sexual based so far, sex toys, condoms and so on.

Kinsei Corporation

Kinsei

I Need House

Ineedhouse

RMXXX

RMXXX

All his spam templates have this ‘disclaimer’ at the bottom:

Note: This email is meant for our potential clients. Should you have received it in error, please reply “unsubscribe” at the subject header. Thank you.

He or a friend named Amanda seems to be a student or ex-student of Help University college and a member of the Christian Fellowship there.

A quick Google Search on his site doesn’t yield much, just a couple more directories nothing interesting (/images and /multimedia).

I know people have to make a living, but spamming is not the way ok.

I hope no-one out there supports these spammers by paying them for these services, and no one of you uses any of these services advertised through spam.

There are plenty of pictures too in the http://www.webflexx.com/meng/ directory, check /tiomans and /kk to see :)

Have fun and remember don’t spam. If you really don’t know why spam is bad, read this.

Note: If you read this post by mistake, please e-mail Darknet with “unsubscribe” in the subject.

Digg This Article



Recent in Spammers & Scammers:
- Russian Cyber-Crime Market Doubled In 2011
- Android Trojan Targets Japanese Market – Steals Personal Data
- Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

Related Posts:
- Malaysia Government Sites Under Attack From Anonymous
- Spam – A Simple Guide To Keeping Your Inbox Clean
- Retarded E-mails – Crack Hotmail? Hack Facebook? Boyfriend Cheating?

Most Read in Spammers & Scammers:
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,553 views
- Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips - 34,521 views
- Twitter DM Phishing Scam - 28,881 views

Advertise on Darknet

19 Responses to “The Tale of a Real Malaysian E-mail Spammer Exposed – Webflexx”

  1. Fashionasia 4 April 2006 at 9:15 am Permalink

    eh….good spywork!! clap clap, next time i need to do some spywork i know who to look for.

    but….noneed to be so bad la put up his name and personal details all, kesian the fellow.

  2. Dzof 4 April 2006 at 9:25 am Permalink

    I agree, good investigative work.

  3. Loong 4 April 2006 at 1:20 pm Permalink

    pwned! =)

  4. evilfoo 6 April 2006 at 7:47 am Permalink

    Sweet !!… This dude didn’t even disable directory listing for images on his site.

  5. jarra 6 April 2006 at 7:30 pm Permalink

    excellent work.
    he even apologised, hahaha
    http://omengos.blogspot.com/2006/04/apologies-to-malaysians-at-large.html
    but still, what he did makes him an *&%#$ !!!

  6. Darknet 7 April 2006 at 4:28 am Permalink

    Fashionasia: Well just shows what can be exposed if you aren’t careful..

    evilfoo: He didn’t disable directory listing at all…he’s deleted the directory now though.

    jarra: Seems like he’s closed his blog now.

  7. Andy 8 April 2006 at 4:57 pm Permalink

    it’s actually a dudette m- wonder how much flak they got from their personal info being online though.

  8. Christian J. Koch 12 April 2006 at 5:18 pm Permalink

    seems his blog and the webflexx site is now offline!! lol

    great work!

  9. WTF! 18 April 2006 at 2:10 am Permalink

    WTF!!! Whats the point?!

  10. Danny Foo 16 May 2006 at 3:23 am Permalink

    I think that’s one of it exposed. But there are others who do the same and the worst of the lot are the ones selling the information of emails to people. sigh..

  11. Ken Woo 30 November 2006 at 5:48 am Permalink

    Webflexx life again!. He try to cheat Google bot to SEO his site with Keyword “Emarketing Malaysia” and “E-marketing Malaysia”. This is the screen shot.
    He Try to spam high keyword density to SEO his website. He really good in SPAM SPAM SPAM!!!!

  12. Ken Woo 30 November 2006 at 5:50 am Permalink

    Please goto this image URL : http://static.flickr.com/104/310052679_665c84670a.jpg?v=0 to view here spam skill

  13. Webflexx 23 January 2007 at 1:25 am Permalink

    Hi

    I am the webflexx.com owner and I was the one exposed by Darknet. Yes, at one stage I was spamming but all that has stopped already by now. I did apologise for what I did, and I have already stopped.

    I did not steal passwords nor pin numbers, and neither did I cheat anyone of their hard earned money and their innocence. I have never done any of those things. If I did, please bring it up and I’ll try to re-do where I have gone wrong. I was experimenting with a lot of things in the process to learn.

    The Google Bot was not a cheat, I was just experimenting with the codes. I know people enjoy all these juicy news when one is being “exposed” like this. If Google Bot can capture the codes and list us, then it is a point to consider. I was reading all those emarketing articles and was just experimenting with it. Why wan to make a big issue of a learning process here?

    Most of my clients are not sexual-based. INeedHouse is indeed one of the biggest (and perhaps the ONLY) adult store in Malaysia. And being in Malaysia, they are actually promoting safe sex. Perhaps adults activities are rampant everywhere but not in Malaysia. This is a Muslim country. If you do not believe me, simply be in touch with them. Just google INeedHouse and be in touch so that they can tell you the truth too.

    It has almost been one year now since Darknet exposed me. And since then, everything has changed. I no longer conduct any spamming business. Not at all. I have stopped all that when I was first ‘exposed’. And I do not sell any email addresses to anyone.

    We do proper business now, and we do it the right way. I know I have offended spam-victims, but all those have stopped since.

    I do not run from making mistakes, so please hope to get your good understanding on all these things. I am not a cheater.

    If you would like to call me on my mobile, simply call +60-12-205 1591 and let me apologise to you personally. You can also email me wfxmarketing@gmail.com and let me apologise.

    If you are still unhappy, just contact me. No point going around and studying what is up and what is down and what I have done in the past. All those remain in the past.

    If I can recover from what Darknet did in exposing me like this, why can’t the rest of the world follow suit?

    Once again, please accept my apologies and I am truly sorry.

  14. Webflexx 23 January 2007 at 1:29 am Permalink

    To Ken Woo,

    You’re definitely either a Malaysian or a Singaporean. Please be in touch with me. Please let me know if I have offended you.

    You do not have to be too worked out on the keywords spamming in the index page. It was an experiment. Even if I did take those words away from the index page, there are other criterias that Google look into for SEOing a website, definitely not on the density of the keyword alone. If that is the case, then it would be an unfair way for Google to rank each pages, as all a website owner need to do is to repeat each keywords as often as possible.

    Let me make my mistakes and let me learn. Just do not get too worked out over this. Everyone is trying their level best to get to the top 10 of Google.com, so let me learn how to get it done.

    Thanks for your understanding Mr. Ken Woo. If you are still not happy, please be in touch with me.

    To Mr Danny Foo,

    I have also been reading your website and I have learned from you for a few months now. Hope to exchange opinion with you one day. I am not a cheater, a liar, and neither am I a stealer.

    To the world, apologies once again.

  15. Spikyles 24 January 2007 at 7:32 am Permalink

    I found this article interesting and decided to test out the process with some of the spam I received. I found almost the exact situation for my spammer, the files, etc… anyone have any suggestions on what to do with the info? Pretty cool though.

  16. Darknet 24 January 2007 at 9:48 am Permalink

    Webflexx: Your website services still state you do direct email marketing, so you are still a spammer.

    Spikyles: Report them to the upstream ISP the mail was sent from and the web host for the domain the spam image/site is hosted on that’s about the best you can do.

  17. Webflexx 24 January 2007 at 1:58 pm Permalink

    Dear Darknet

    Thanks for bringing this up. I have already taken down that one line. Trust me, we don’t spam anymore. Apologies once again for the misconception given.

    I mean, I have already deleted the line that says we still offer direct email marketing.

    Webflexx.